NAME

SYNOPSIS

ARGUMENTS

gnutls_session_t session
is a gnutls session
unsigned int * status
is the output of the verification

DESCRIPTION

This function will try to verify the peer’s certificate and return its
status (trusted, invalid etc.). The value of status should be one or
more of the gnutls_certificate_status_t enumerated elements bitwise
or’d. To avoid denial of service attacks some default upper limits
regarding the certificate key size and chain size are set. To override
them use gnutls_certificate_set_verify_limits().
Note that you must also check the peer’s name in order to check if the
verified certificate belongs to the actual peer.
This function uses gnutls_x509_crt_list_verify() with the CAs in the
credentials as trusted CAs.
Note that some commonly used X.509 Certificate Authorities are still
using Version 1 certificates. If you want to accept them, you need to
call gnutls_certificate_set_verify_flags() with, e.g.,
GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT parameter.

SEE ALSO

The full documentation for gnutls is maintained as a Texinfo manual.
If the info and gnutls programs are properly installed at your site,
the command
infognutls
should give you access to the complete manual.